
***** NORMAL SCAN FOR ACTIVE MALWARE *****

Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com


[Registered to: soonerter@nokiamail.com]
Scan started at: 11:52:18 AM 06 Jan 2014
Using Database v8292
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
11:52:19 AM: ----- Checking Default File Associations ----No modified default file associations detected
************************************************************
11:52:19 AM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
11:52:20 AM: Scanning ----- Windows Registry -----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-----------------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows


-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
-------------------Value Name: [KeyScrambler]
Value Data: [C:\Program Files\KeyScrambler\keyscrambler.exe /a]
C:\Program Files\KeyScrambler\keyscrambler.exe
508048 bytes
Created: 7/12/2013 10:01 AM
Modified: 7/12/2013 10:01 AM
Company: QFX Software Corporation
-------------------Value Name: [KernelFaultCheck]
Value Data: [%systemroot%\system32\dumprep 0 -k]
C:\WINDOWS\system32\dumprep.exe
10752 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------Value Name: [IDMan]
Value Data: [C:\Program Files\Internet Download Manager\IDMan.exe /onboot]
C:\Program Files\Internet Download Manager\IDMan.exe
-R- 3825232 bytes
Created: 11/9/2013 10:38 AM
Modified: 1/6/2014 11:48 AM
Company: Tonec Inc.
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
11:52:24 AM: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
11:52:24 AM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
11:52:24 AM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
11:52:24 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
11:52:24 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
11:52:24 AM: Scanning ----- SERVICES REGISTRY KEYS ----Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to scan]
---------Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [file not found to scan]
---------Key:
Freemake Improver
ImagePath: "C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
101888 bytes
Created: 7/2/2013 11:31 AM
Modified: 11/21/2013 9:59 AM
Company: Freemake
---------Key:
FreemakeVideoCapture
ImagePath: "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe"
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
9216 bytes
Created: 12/1/2013 8:10 AM
Modified: 11/21/2013 9:58 AM
Company: Ellora Assets Corp.
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
---------Key:
IDMTDI
ImagePath: system32\DRIVERS\idmtdi.sys
C:\WINDOWS\system32\DRIVERS\idmtdi.sys
121184 bytes
Created: 11/9/2013 10:38 AM
Modified: 11/8/2013 5:11 AM
Company: Tonec Inc.
---------Key:
KeyScrambler
ImagePath: System32\drivers\keyscrambler.sys
C:\WINDOWS\System32\drivers\keyscrambler.sys
209016 bytes
Created: 12/2/2013 10:32 AM
Modified: 5/31/2013 8:23 PM
Company: QFX Software Corporation
---------Key:
McAfeeEngineService
ImagePath: "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe"
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
19456 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeapfk
ImagePath: system32\drivers\mfeapfk.sys
C:\WINDOWS\system32\drivers\mfeapfk.sys
74648 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeavfk
ImagePath: system32\drivers\mfeavfk.sys
C:\WINDOWS\system32\drivers\mfeavfk.sys
90360 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfebopk
ImagePath: system32\drivers\mfebopk.sys
C:\WINDOWS\system32\drivers\mfebopk.sys
42424 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfehidk
ImagePath: system32\drivers\mfehidk.sys
C:\WINDOWS\system32\drivers\mfehidk.sys
565352 bytes
Created: 6/2/2013 12:26 PM
Modified: 11/19/2013 6:53 PM
Company: McAfee, Inc.
---------Key:
mfetdik
ImagePath: system32\drivers\mfetdik.sys
C:\WINDOWS\system32\drivers\mfetdik.sys
62704 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfevtp
ImagePath: "C:\WINDOWS\system32\mfevtps.exe"
C:\WINDOWS\system32\mfevtps.exe
167344 bytes
Created: 6/2/2013 12:26 PM
Modified: 11/19/2013 6:53 PM
Company: McAfee, Inc.
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:17 PM
Company: Creative Technology Ltd.
---------Key:
NitroDriverReadSpool8
ImagePath: "C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe"
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
196616 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF Software
---------Key:
NPF
ImagePath: system32\drivers\NPF.sys
C:\WINDOWS\system32\drivers\NPF.sys - [file not found to scan]
---------Key:
NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
70912 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
168040 bytes
Created: 6/2/2013 9:32 AM
Modified: 4/9/2010 2:30 AM
Company: NVIDIA Corporation
---------Key:
nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13824 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvUpdatusService
ImagePath: "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259296 bytes
Created: 7/5/2013 12:16 PM
Modified: 3/23/2013 1:22 AM
Company: NVIDIA Corporation
---------Key:
RegFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys - [file not found to scan]
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{792CA496-B707-4342-B7CC-27C6B33C8245}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
UrlFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys - [file not found to scan]
---------Key:
WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------************************************************************
11:52:30 AM: Scanning -----VXD ENTRIES----************************************************************
11:52:30 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----Key
: KeyScrambler
DLLName: %SystemRoot%\System32\KeyScramblerLogon.dll
C:\WINDOWS\System32\KeyScramblerLogon.dll
90768 bytes
Created: 7/12/2013 10:01 AM
Modified: 7/12/2013 10:01 AM
Company: QFX Software Corporation
---------************************************************************
11:52:31 AM: Scanning ----- ContextMenuHandlers ----Key: NPShellExtension
CLSID: {9C4B85B8-956C-49BF-9BA5-101384E562B2}
Path: C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
95752 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF
---------Key: VirusScan
CLSID: {cda2863e-2497-4c49-9b89-06840e070a87}
Path: C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
31568 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key: WondershareVideoConverterFileOpreation
CLSID: {55D63393-DB17-4A2B-9052-15D85B4B1344}
Path: C:\WINDOWS\system32\WSCM32.dll
C:\WINDOWS\system32\WSCM32.dll
153088 bytes
Created: 7/2/2013 11:38 AM
Modified: 3/25/2013 10:57 AM
Company:
---------************************************************************
11:52:31 AM: Scanning ----- Folder\ColumnHandlers ----Key: {FED7043D-346A-414D-ACD7-550D052499A7}
File: C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
195144 bytes
Created: 7/8/2013 2:53 PM
Modified: 7/8/2013 2:53 PM
Company: Illustrate
---------************************************************************
11:52:31 AM: Scanning ----- Browser Helper Objects ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
401432 bytes
Created: 11/9/2013 10:38 AM
Modified: 11/9/2013 10:38 AM
Company: Internet Download Manager, Tonec Inc.
---------************************************************************
11:52:32 AM: Scanning ----- ShellServiceObjectDelayLoad Entries ----************************************************************
11:52:32 AM: Scanning ----- ShellServiceObjects ----CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
236544 bytes
Created: 4/14/2008 5:30 PM
Modified: 3/8/2009 4:34 AM
Company: Microsoft Corporation
---------************************************************************
11:52:32 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
11:52:32 AM: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
11:52:32 AM: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
11:52:32 AM: Scanning ----- SECURITY PROVIDER DLLS ----************************************************************
11:52:32 AM: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 2:33 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
-------------------************************************************************
11:52:32 AM: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: SAI
[C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP]
The Startup Group for SAI attempts to load the following file(s):
C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 9:19 AM
Modified: 6/2/2013 9:15 AM
Company: [no info]
----------------------------Checking Startup Group for: UpdatusUser
[C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for UpdatusUser attempts to load the following file(s):
C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/5/2013 12:16 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------************************************************************
11:52:33 AM: Scanning ----- SCHEDULED TASKS ----No Scheduled Tasks found to scan
************************************************************
11:52:33 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension
CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D}
File: C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
21904 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/16/2012 4:37 AM
Company: Tonec Inc.
---------************************************************************
11:52:33 AM: Scanning ----- DEVICE DRIVER ENTRIES ----************************************************************
11:52:33 AM: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
41990454 bytes
Created: 7/22/2013 10:17 AM
Modified: 1/6/2014 9:48 AM
Company: [no info]
---------Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
41990454 bytes
Created: 7/22/2013 10:17 AM
Modified: 1/6/2014 9:48 AM
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------Checks for Backdoor.ZeroAccess completed
---------Safe Mode checks completed
---------Additional checks completed
************************************************************
11:52:36 AM: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Program Files\McAfee\Common Framework\FrameworkService.exe
103744 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
62800 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 10/26/2006 1:40 PM
Modified: 10/26/2006 1:40 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe
156448 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
226624 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
143088 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
26672 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\wbem\wmiprvse.exe
218112 bytes
Created: 6/2/2013 9:11 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Documents and Settings\SAI\Application Data\BitTorrent\BitTorrent.exe
883552 bytes
Created: 7/23/2013 10:33 AM
Modified: 7/31/2013 12:12 PM
Company: BitTorrent Inc.
-------------------C:\Program Files\Internet Download Manager\IEMonitor.exe
269848 bytes
Created: 11/9/2013 10:38 AM
Modified: 11/7/2013 4:47 PM
Company: Tonec Inc.
-------------------C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\yck37.exe
FileSize: 5070072
[This is a Trojan Remover component]
--------------------------------------C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
11:52:40 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:52:41 AM 06 Jan 2014
Total Scan time: 00:00:22
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:32:35 AM 06 Jan 2014
Using Database v8292
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\RECYCLER
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files already renamed by Trojan Remover.
----------------------------------------------------------1 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 7:32:37 AM 06 Jan 2014
Total Scan time: 00:00:00
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 9:49:59 AM 04 Jan 2014
Using Database v8292
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
9:50:01 AM: ----- Checking Default File Associations ----No modified default file associations detected
************************************************************
9:50:01 AM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
9:50:02 AM: Scanning ----- Windows Registry -----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
----------------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
-------------------Value Name: [KernelFaultCheck]
Value Data: [%systemroot%\system32\dumprep 0 -k]
C:\WINDOWS\system32\dumprep.exe
10752 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------Value Name: [mobilegeni daemon]
Value Data: [C:\Program Files\Mobogenie\DaemonProcess.exe]
C:\Program Files\Mobogenie\DaemonProcess.exe - [file not found to scan]
-------------------Value Name: [KeyScrambler]
Value Data: [C:\Program Files\KeyScrambler\keyscrambler.exe /a]
C:\Program Files\KeyScrambler\keyscrambler.exe
508144 bytes
Created: 11/14/2013 11:47 PM
Modified: 11/14/2013 11:47 PM
Company: QFX Software Corporation
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------Value Name: [Octoshape Streaming Services]
Value Data: ["C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun]
C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
70936 bytes
Created: 9/18/2013 9:45 PM
Modified: 1/8/2009 7:14 PM
Company: Octoshape ApS
-------------------Value Name: [IDMan]
Value Data: [C:\Program Files\Internet Download Manager\IDMan.exe /onboot]
C:\Program Files\Internet Download Manager\IDMan.exe
3821136 bytes
Created: 11/28/2013 4:14 PM
Modified: 12/1/2013 2:34 PM
Company: Tonec Inc.
-------------------Value Name: [NextLive]
Value Data: [C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\SAI\Application Data\newnext.me\nengine.dll",EntryPoint -m l]
C:\Documents and Settings\SAI\Application Data\newnext.me\nengine.dll
1283584 bytes
Created: 12/30/2013 7:10 AM
Modified: 11/14/2013 8:23 AM
Company: NewNextDotMe
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
9:50:09 AM: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
9:50:09 AM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
9:50:09 AM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
9:50:10 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
9:50:10 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
9:50:10 AM: Scanning ----- SERVICES REGISTRY KEYS ----Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to scan]
---------Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [file not found to scan]
---------Key:
Freemake Improver
ImagePath: "C:\Documents and Settings\All Users\Application Data\Freemake\Freema
keUtilsService\FreemakeUtilsService.exe"
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsServi
ce\FreemakeUtilsService.exe
101888 bytes
Created: 7/2/2013 11:31 AM
Modified: 11/21/2013 9:59 AM
Company: Freemake
---------Key:
FreemakeVideoCapture
ImagePath: "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe"
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
9216 bytes
Created: 12/1/2013 8:10 AM
Modified: 11/21/2013 9:58 AM
Company: Ellora Assets Corp.
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
---------Key:
IDMTDI
ImagePath: system32\DRIVERS\idmtdi.sys
C:\WINDOWS\system32\DRIVERS\idmtdi.sys
121184 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/28/2013 5:54 AM
Company: Tonec Inc.
---------Key:
KeyScrambler
ImagePath: System32\drivers\keyscrambler.sys
C:\WINDOWS\System32\drivers\keyscrambler.sys
209016 bytes
Created: 12/2/2013 10:32 AM
Modified: 5/31/2013 8:23 PM
Company: QFX Software Corporation
---------Key:
McAfeeEngineService
ImagePath: "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe"
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
19456 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeapfk
ImagePath: system32\drivers\mfeapfk.sys
C:\WINDOWS\system32\drivers\mfeapfk.sys
74648 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeavfk
ImagePath: system32\drivers\mfeavfk.sys
C:\WINDOWS\system32\drivers\mfeavfk.sys
90360 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfebopk
ImagePath: system32\drivers\mfebopk.sys
C:\WINDOWS\system32\drivers\mfebopk.sys
42424 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfehidk
ImagePath: system32\drivers\mfehidk.sys
C:\WINDOWS\system32\drivers\mfehidk.sys
565352 bytes
Created: 6/2/2013 12:26 PM
Modified: 11/19/2013 6:53 PM
Company: McAfee, Inc.
---------Key:
mfetdik
ImagePath: system32\drivers\mfetdik.sys
C:\WINDOWS\system32\drivers\mfetdik.sys
62704 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfevtp
ImagePath: "C:\WINDOWS\system32\mfevtps.exe"
C:\WINDOWS\system32\mfevtps.exe
167344 bytes
Created: 6/2/2013 12:26 PM
Modified: 11/19/2013 6:53 PM
Company: McAfee, Inc.
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:17 PM
Company: Creative Technology Ltd.
---------Key:
NitroDriverReadSpool8
ImagePath: "C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe"
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
196616 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF Software
---------Key:
NPF
ImagePath: system32\drivers\NPF.sys
C:\WINDOWS\system32\drivers\NPF.sys - [file not found to scan]
---------Key:
NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
70912 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
168040 bytes
Created: 6/2/2013 9:32 AM
Modified: 4/9/2010 2:30 AM
Company: NVIDIA Corporation
---------Key:
nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13824 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvUpdatusService
ImagePath: "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259296 bytes
Created: 7/5/2013 12:16 PM
Modified: 3/23/2013 1:22 AM
Company: NVIDIA Corporation
---------Key:
RegFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regf
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys - [fi
le not found to scan]
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{792CA496-B707-4342-B7CC-2
7C6B33C8245}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
UrlFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlF
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys - [fi
le not found to scan]
---------Key:
WinSpoolSvc
ImagePath: "C:\WINDOWS\system32\csrsc.exe"
C:\WINDOWS\system32\csrsc.exe - [file not found to scan]
---------Key:
WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.
exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------************************************************************
9:50:19 AM: Scanning -----VXD ENTRIES----************************************************************
9:50:19 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----Key
: KeyScrambler
DLLName: %SystemRoot%\System32\KeyScramblerLogon.dll
C:\WINDOWS\System32\KeyScramblerLogon.dll
90864 bytes
Created: 7/12/2013 10:01 AM
Modified: 11/14/2013 11:47 PM
Company: QFX Software Corporation
---------************************************************************
9:50:20 AM: Scanning ----- ContextMenuHandlers ----Key: NPShellExtension
CLSID: {9C4B85B8-956C-49BF-9BA5-101384E562B2}
Path: C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
95752 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF
---------Key: VirusScan
CLSID: {cda2863e-2497-4c49-9b89-06840e070a87}
Path: C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
31568 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key: WondershareVideoConverterFileOpreation
CLSID: {55D63393-DB17-4A2B-9052-15D85B4B1344}
Path: C:\WINDOWS\system32\WSCM32.dll
C:\WINDOWS\system32\WSCM32.dll
153088 bytes
Created: 7/2/2013 11:38 AM
Modified: 3/25/2013 10:57 AM
Company:
---------************************************************************
9:50:21 AM: Scanning ----- Folder\ColumnHandlers ----Key: {FED7043D-346A-414D-ACD7-550D052499A7}
File: C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
195144 bytes
Created: 7/8/2013 2:53 PM
Modified: 7/8/2013 2:53 PM
Company: Illustrate
---------************************************************************
9:50:21 AM: Scanning ----- Browser Helper Objects ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
401944 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/28/2013 3:54 PM
Company: Internet Download Manager, Tonec Inc.
---------************************************************************
9:50:21 AM: Scanning ----- ShellServiceObjectDelayLoad Entries ----************************************************************
9:50:21 AM: Scanning ----- ShellServiceObjects ----CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
236544 bytes
Created: 4/14/2008 5:30 PM
Modified: 3/8/2009 4:34 AM
Company: Microsoft Corporation
---------************************************************************
9:50:21 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
9:50:21 AM: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
9:50:21 AM: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
9:50:21 AM: Scanning ----- SECURITY PROVIDER DLLS ----************************************************************
9:50:22 AM: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 2:33 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
-------------------************************************************************
9:50:22 AM: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: SAI
[C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP]
The Startup Group for SAI attempts to load the following file(s):
C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 9:19 AM
Modified: 6/2/2013 9:15 AM
Company: [no info]
----------------------------Checking Startup Group for: UpdatusUser
[C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for UpdatusUser attempts to load the following file(s):
C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/5/2013 12:16 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------************************************************************
9:50:22 AM: Scanning ----- SCHEDULED TASKS ----Taskname:
At1
File:
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE
Parameters:
/Check
Schedule:
Every 1 hour(s) from 11:20 AM for 24 hour(s) every day, starting
8/14/2013
Next Run Time: 1/4/2014 10:20:00 AM
Status:
Has not run
Creator:
SYSTEM
Comments:
Created by NetScheduleJobAdd.
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE - [file not found to scan
]
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003Core
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/c
Schedule:
At 9:08 PM every day, starting 10/28/2013
Next Run Time: 1/4/2014 9:08:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003UA
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:08 PM for 24 hour(s) every day, starting 1
0/28/2013
Next Run Time: 1/4/2014 10:08:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 1/4/2014 9:06:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:06 PM for 24 hour(s) every day, starting 1
2/7/2013
Next Run Time: 1/4/2014 10:06:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------************************************************************
9:50:23 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension
CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D}
File: C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
21904 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/16/2012 4:37 AM
Company: Tonec Inc.
---------************************************************************
9:50:23 AM: Scanning ----- DEVICE DRIVER ENTRIES ----************************************************************
9:50:24 AM: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\Documents and Settings\SAI\Local Settings\Application Data
\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
41990454 bytes
Created: 7/22/2013 10:17 AM
Modified: 1/3/2014 2:19 PM
Company: [no info]
---------Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\W
allpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
41990454 bytes
Created: 7/22/2013 10:17 AM
Modified: 1/3/2014 2:19 PM
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------Checks for Backdoor.ZeroAccess completed
---------Safe Mode checks completed
---------Additional checks completed
************************************************************
9:50:27 AM: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Program Files\KeyScrambler\KeyScramblerLogon.exe
508048 bytes
Created: 7/12/2013 10:01 AM
Modified: 7/12/2013 10:01 AM
Company: QFX Software Corporation
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remo
ver\fyc2.exe
FileSize:
5070072
[This is a Trojan Remover component]
--------------------------------------C:\Program Files\McAfee\Common Framework\FrameworkService.exe
103744 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
62800 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 10/26/2006 1:40 PM
Modified: 10/26/2006 1:40 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe
156448 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
226624 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
143088 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
26672 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\WINDOWS\system32\wuauclt.exe
111104 bytes
Created: 6/2/2013 9:13 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
9:50:32 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 9:50:32 AM 04 Jan 2014
Total Scan time: 00:00:33
************************************************************
======================================
[INCOMPLETE SCAN LOG RECOVERED]
======================================
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 8:16:30 AM 04 Jan 2014
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on C:\
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files already renamed by Trojan Remover.
-----------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[INCOMPLETE SCAN LOG RECOVERED]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 8:15:48 AM 04 Jan 2014
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
8:15:50 AM: ----- Checking Default File Associations ----No modified default file associations detected
************************************************************
8:15:50 AM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
8:15:51 AM: Scanning ----- Windows Registry -----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
----------------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALO
NE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
-------------------Value Name: [KernelFaultCheck]
Value Data: [%systemroot%\system32\dumprep 0 -k]
C:\WINDOWS\system32\dumprep.exe
10752 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------Value Name: [mobilegeni daemon]
Value Data: [C:\Program Files\Mobogenie\DaemonProcess.exe]
C:\Program Files\Mobogenie\DaemonProcess.exe - [file not found to scan]
-------------------Value Name: [KeyScrambler]
Value Data: [C:\Program Files\KeyScrambler\keyscrambler.exe /a]
C:\Program Files\KeyScrambler\keyscrambler.exe
508144 bytes
Created: 11/14/2013 11:47 PM
Modified: 11/14/2013 11:47 PM
Company: QFX Software Corporation
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------Value Name: [Octoshape Streaming Services]
Value Data: ["C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape
Streaming Services\OctoshapeClient.exe" -inv:bootrun]
C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Ser
vices\OctoshapeClient.exe
70936 bytes
Created: 9/18/2013 9:45 PM
Modified: 1/8/2009 7:14 PM
Company: Octoshape ApS
-------------------Value Name: [IDMan]
Value Data: [C:\Program Files\Internet Download Manager\IDMan.exe /onboot]
C:\Program Files\Internet Download Manager\IDMan.exe
3821136 bytes
Created: 11/28/2013 4:14 PM
Modified: 12/1/2013 2:34 PM
Company: Tonec Inc.
-------------------Value Name: [NextLive]
Value Data: [C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\SAI\App
lication Data\newnext.me\nengine.dll",EntryPoint -m l]
C:\Documents and Settings\SAI\Application Data\newnext.me\nengine.dll
1283584 bytes
Created: 12/30/2013 7:10 AM
Modified: 11/14/2013 8:23 AM
Company: NewNextDotMe
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
8:15:56 AM: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
8:15:56 AM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
8:15:56 AM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
8:15:56 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
8:15:57 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
8:15:57 AM: Scanning ----- SERVICES REGISTRY KEYS ----Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to
scan]
---------Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\File
Monitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [
file not found to scan]
---------Key:
Freemake Improver
ImagePath: "C:\Documents and Settings\All Users\Application Data\Freemake\Freema
keUtilsService\FreemakeUtilsService.exe"
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsServi
ce\FreemakeUtilsService.exe
101888 bytes
Created: 7/2/2013 11:31 AM
Modified: 11/21/2013 9:59 AM
Company: Freemake
---------Key:
FreemakeVideoCapture
ImagePath: "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe"
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
9216 bytes
Created: 12/1/2013 8:10 AM
Modified: 11/21/2013 9:58 AM
Company: Ellora Assets Corp.
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
---------Key:
IDMTDI
ImagePath: system32\DRIVERS\idmtdi.sys
C:\WINDOWS\system32\DRIVERS\idmtdi.sys
121184 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/28/2013 5:54 AM
Company: Tonec Inc.
---------Key:
KeyScrambler
ImagePath: System32\drivers\keyscrambler.sys
C:\WINDOWS\System32\drivers\keyscrambler.sys
209016 bytes
Created: 12/2/2013 10:32 AM
Modified: 5/31/2013 8:23 PM
Company: QFX Software Corporation
---------Key:
McAfeeEngineService
ImagePath: "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe"
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
19456 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeapfk
ImagePath: system32\drivers\mfeapfk.sys
C:\WINDOWS\system32\drivers\mfeapfk.sys
74648 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeavfk
ImagePath: system32\drivers\mfeavfk.sys
C:\WINDOWS\system32\drivers\mfeavfk.sys
90360 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfebopk
ImagePath: system32\drivers\mfebopk.sys
C:\WINDOWS\system32\drivers\mfebopk.sys
42424 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfehidk
ImagePath: system32\drivers\mfehidk.sys
C:\WINDOWS\system32\drivers\mfehidk.sys
565352 bytes
Created: 6/2/2013 12:26 PM
Modified: 11/19/2013 6:53 PM
Company: McAfee, Inc.
---------Key:
mfetdik
ImagePath: system32\drivers\mfetdik.sys
C:\WINDOWS\system32\drivers\mfetdik.sys
62704 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfevtp
ImagePath: "C:\WINDOWS\system32\mfevtps.exe"
C:\WINDOWS\system32\mfevtps.exe
167344 bytes
Created: 6/2/2013 12:26 PM
Modified: 11/19/2013 6:53 PM
Company: McAfee, Inc.
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:17 PM
Company: Creative Technology Ltd.
---------Key:
NitroDriverReadSpool8
ImagePath: "C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe"
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
196616 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF Software
---------Key:
NPF
ImagePath: system32\drivers\NPF.sys
C:\WINDOWS\system32\drivers\NPF.sys - [file not found to scan]
---------Key:
NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
70912 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
168040 bytes
Created: 6/2/2013 9:32 AM
Modified: 4/9/2010 2:30 AM
Company: NVIDIA Corporation
---------
Key:
nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13824 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------
Key:
nvUpdatusService
ImagePath: "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259296 bytes
Created: 7/5/2013 12:16 PM
Modified: 3/23/2013 1:22 AM
Company: NVIDIA Corporation
---------
Key:
RegFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys - [file not found to scan]
---------
Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{792CA496-B707-4342-B7CC-27C6B33C8245}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------
Key:
UrlFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys - [file not found to scan]
---------
Key:
WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------
************************************************************
8:16:04 AM: Scanning -----VXD ENTRIES----
************************************************************
8:16:04 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----
Key: KeyScrambler
DLLName: %SystemRoot%\System32\KeyScramblerLogon.dll
C:\WINDOWS\System32\KeyScramblerLogon.dll
90864 bytes
Created: 7/12/2013 10:01 AM
Modified: 11/14/2013 11:47 PM
Company: QFX Software Corporation
---------
************************************************************
8:16:04 AM: Scanning ----- ContextMenuHandlers ----
Key: NPShellExtension
CLSID: {9C4B85B8-956C-49BF-9BA5-101384E562B2}
Path: C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
95752 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF
---------
Key: VirusScan
CLSID: {cda2863e-2497-4c49-9b89-06840e070a87}
Path: C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
31568 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------
Key: WondershareVideoConverterFileOpreation
CLSID: {55D63393-DB17-4A2B-9052-15D85B4B1344}
Path: C:\WINDOWS\system32\WSCM32.dll
C:\WINDOWS\system32\WSCM32.dll
153088 bytes
Created: 7/2/2013 11:38 AM
Modified: 3/25/2013 10:57 AM
Company:
---------
************************************************************
8:16:05 AM: Scanning ----- Folder\ColumnHandlers ----
Key: {FED7043D-346A-414D-ACD7-550D052499A7}
File: C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
195144 bytes
Created: 7/8/2013 2:53 PM
Modified: 7/8/2013 2:53 PM
Company: Illustrate
---------
************************************************************
8:16:05 AM: Scanning ----- Browser Helper Objects ----
Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
401944 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/28/2013 3:54 PM
Company: Internet Download Manager, Tonec Inc.
---------
************************************************************
8:16:05 AM: Scanning ----- ShellServiceObjectDelayLoad Entries ----
************************************************************
8:16:05 AM: Scanning ----- ShellServiceObjects ----
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
236544 bytes
Created: 4/14/2008 5:30 PM
Modified: 3/8/2009 4:34 AM
Company: Microsoft Corporation
---------
************************************************************
8:16:06 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----
************************************************************
8:16:06 AM: Scanning ----- IMAGEFILE DEBUGGERS ----
No "Debugger" entries found.
************************************************************
8:16:06 AM: Scanning ----- APPINIT_DLLS ----
The AppInit_DLLs value is blank or does not exist
************************************************************
8:16:06 AM: Scanning ----- SECURITY PROVIDER DLLS ----
************************************************************
8:16:06 AM: Scanning ------ COMMON STARTUP GROUP -----
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 2:33 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
-------------------
************************************************************
8:16:06 AM: Scanning ------ USER STARTUP GROUPS -----
-------------------
Checking Startup Group for: SAI
[C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP]
The Startup Group for SAI attempts to load the following file(s):
C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 9:19 AM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------
-------------------
Checking Startup Group for: UpdatusUser
[C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for UpdatusUser attempts to load the following file(s):
C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/5/2013 12:16 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------
************************************************************
8:16:07 AM: Scanning ----- SCHEDULED TASKS ----
Taskname:
At1
File:
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE
Parameters:
/Check
Schedule:
Every 1 hour(s) from 11:20 AM for 24 hour(s) every day, starting 8/14/2013
Next Run Time: 1/4/2014 8:20:00 AM
Status:
Has not run
Creator:
SYSTEM
Comments:
Created by NetScheduleJobAdd.
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE - [file not found to scan]
---------
Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-1801674531-1003Core
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/c
Schedule:
At 9:08 PM every day, starting 10/28/2013
Next Run Time: 1/4/2014 9:08:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled or stopped, your Catalina software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Catalina software using it.
---------
Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-1801674531-1003UA
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:08 PM for 24 hour(s) every day, starting 10/28/2013
Next Run Time: 1/4/2014 9:08:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled or stopped, your Catalina software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Catalina software using it.
---------
Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 1/4/2014 9:06:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
---------
Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:06 PM for 24 hour(s) every day, starting 12/7/2013
Next Run Time: 1/4/2014 9:06:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
---------
************************************************************
8:16:08 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----
Key: IDM Shell Extension
CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D}
File: C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
21904 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/16/2012 4:37 AM
Company: Tonec Inc.
---------
************************************************************
8:16:08 AM: Scanning ----- DEVICE DRIVER ENTRIES ----
************************************************************
8:16:08 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
---------
Winlogon registry rootkit checks completed
---------
Heuristic checks for hidden files/drivers completed
---------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
---------
Desktop Wallpaper: C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
41990454 bytes
Created: 7/22/2013 10:17 AM
Modified: 1/3/2014 2:19 PM
Company: [no info]
---------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
41990454 bytes
Created: 7/22/2013 10:17 AM
Modified: 1/3/2014 2:19 PM
Company: [no info]
---------
Checks for rogue DNS NameServers completed
---------
Checks for Backdoor.ZeroAccess completed
---------
Safe Mode checks completed
---------
Additional checks completed
************************************************************
8:16:12 AM: Scanning ----- RUNNING PROCESSES ----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\Program Files\KeyScrambler\KeyScramblerLogon.exe
508048 bytes
Created: 7/12/2013 10:01 AM
Modified: 7/12/2013 10:01 AM
Company: QFX Software Corporation
-------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
103744 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
62800 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 10/26/2006 1:40 PM
Modified: 10/26/2006 1:40 PM
Company: Microsoft Corporation
-------------------
C:\WINDOWS\system32\nvsvc32.exe
156448 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
226624 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
143088 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
26672 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\Program Files\Internet Download Manager\IEMonitor.exe
269848 bytes
Created: 11/28/2013 4:14 PM
Modified: 11/7/2013 4:47 PM
Company: Tonec Inc.
-------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\PROGRA~1\Nitro\PRO8~1\NitroPDF.exe
4015112 bytes
Created: 3/25/2013 7:08 PM
Modified: 3/25/2013 7:08 PM
Company: Nitro PDF
-------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
218112 bytes
Created: 6/2/2013 9:11 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\ldl11.exe
FileSize:
5070072
[This is a Trojan Remover component]
-------------------
-------------------
************************************************************
8:16:17 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.google.com
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 8:16:17 AM 04 Jan 2014
Total Scan time: 00:00:28
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 9:24:10 AM 01 Jan 2014
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files already renamed by Trojan Remover.
----------------------------------------------------------
787 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 9:31:04 AM 01 Jan 2014
Total Scan time: 00:06:51
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 2:00:40 PM 30 Dec 2013
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files already renamed by Trojan Remover.
----------------------------------------------------------
547 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 2:02:02 PM 30 Dec 2013
Total Scan time: 00:01:20
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 11:56:41 AM 29 Dec 2013
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files already renamed by Trojan Remover.
----------------------------------------------------------
76 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 11:56:56 AM 29 Dec 2013
Total Scan time: 00:00:13
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 4:02:11 PM 19 Nov 2013
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files already renamed by Trojan Remover.
----------------------------------------------------------
337 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 4:03:47 PM 19 Nov 2013
Total Scan time: 00:01:35
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 4:01:24 PM 19 Nov 2013
Using Database v8262
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be EXCLUDED.
----------------------------------------------------------
Scan stopped by user after 26 files were checked
No Malware files detected
Scan stopped at: 11/19/2013 4:01:40 PM
Total Scan time: 00:00:14
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 11:08:43 AM 17 Nov 2013
Using Database v8254
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be EXCLUDED.
----------------------------------------------------------
2 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 11:08:49 AM 17 Nov 2013
Total Scan time: 00:00:03
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 6:41:30 AM 11 Nov 2013
Using Database v8254
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be EXCLUDED.
----------------------------------------------------------
28 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 6:41:33 AM 11 Nov 2013
Total Scan time: 00:00:00
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 6:41:09 AM 11 Nov 2013
Using Database v8254
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\123
(including subdirectories)
Archive files will be EXCLUDED.
----------------------------------------------------------
0 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 6:41:11 AM 11 Nov 2013
Total Scan time: 00:00:00
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:43:56 AM 05 Nov 2013
Using Database v8254
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
7:43:57 AM: ----- Checking Default File Associations ----
No modified default file associations detected
************************************************************
7:43:57 AM: ----- SCANNING FOR ROOTKIT SERVICES ----
No hidden Services were detected.
************************************************************
7:43:57 AM: Scanning ----- Windows Registry ----
-------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------
This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------
This key's "System" value appears to be blank
---------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------
-------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------
Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------
Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------
Value Name: [Octoshape Streaming Services]
Value Data: ["C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun]
C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
70936 bytes
Created: 9/18/2013 9:45 PM
Modified: 1/8/2009 7:14 PM
Company: Octoshape ApS
-------------------
Value Name: [Airy Memory Cleaner]
Value Data: [C:\Program Files\Airy Memory Cleaner\AiryMC.exe]
C:\Program Files\Airy Memory Cleaner\AiryMC.exe
239616 bytes
Created: 9/2/2013 3:06 PM
Modified: 9/2/2013 3:06 PM
Company: http://www.airysoftware.com
-------------------
Value Name: [RoboForm]
Value Data: ["C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
109784 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems
-------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
7:44:01 AM: Scanning -----SHELLEXECUTEHOOKS----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------
************************************************************
7:44:01 AM: Scanning -----HIDDEN REGISTRY ENTRIES----
Taskdir check completed
---------
No Hidden File-loading Registry Entries found
---------
************************************************************
7:44:02 AM: Scanning -----ACTIVE SCREENSAVER----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------
************************************************************
7:44:02 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----
************************************************************
7:44:02 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----
************************************************************
7:44:02 AM: Scanning ----- SERVICES REGISTRY KEYS ----
Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to scan]
---------
Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------
Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------
Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\File
Monitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [
file not found to scan]
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Scan cancelled by User
---------Services registry keys scan stopped at user request
The VxD Entries were not scanned
The Winlogon\Notify DLLs were not scanned
The ContextMenuHandlers were not scanned
The Browser Helper Objects were not scanned
The ShellServiceObjects were not scanned
The SharedTaskScheduler DLLs were not scanned
The Imagefile Debuggers were not scanned
The AppInit_DLLs were not scanned
The Security Provider DLLs were not scanned
The Global Startup Group was not scanned
The User Startup Groups were not scanned
The Scheduled Tasks were not scanned
The ShellIconOverylayIdentifiers were not scanned
The Device Drivers were not scanned
Heuristic Checks Scan stopped at user request
Running Processes were not scanned
The HOSTS file was not checked
The check on Explorer.exe was not carried out
Internet Explorer settings were not checked.
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 7:44:05 AM 05 Nov 2013
Total Scan time: 00:00:09
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:43:29 AM 05 Nov 2013
Using Database v8254
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
7:43:30 AM: ----- Checking Default File Associations ----No modified default file associations detected
************************************************************
7:43:30 AM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
7:43:31 AM: Scanning ----- Windows Registry -----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
----------------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALO
NE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------Value Name: [Octoshape Streaming Services]
Value Data: ["C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape
Streaming Services\OctoshapeClient.exe" -inv:bootrun]
C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Ser
vices\OctoshapeClient.exe
70936 bytes
Created: 9/18/2013 9:45 PM
Modified: 1/8/2009 7:14 PM
Company: Octoshape ApS
-------------------Value Name: [Airy Memory Cleaner]
Value Data: [C:\Program Files\Airy Memory Cleaner\AiryMC.exe]
C:\Program Files\Airy Memory Cleaner\AiryMC.exe
239616 bytes
Created: 9/2/2013 3:06 PM
Modified: 9/2/2013 3:06 PM
Company: http://www.airysoftware.com
-------------------Value Name: [RoboForm]
Value Data: ["C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
109784 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
7:43:34 AM: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
7:43:34 AM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
7:43:34 AM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
7:43:35 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
7:43:35 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
7:43:35 AM: Scanning ----- SERVICES REGISTRY KEYS ----Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to
scan]
---------Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\File
Monitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [
file not found to scan]
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
---------Key:
McAfeeEngineService
ImagePath: "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe"
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
19456 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeapfk
ImagePath: system32\drivers\mfeapfk.sys
C:\WINDOWS\system32\drivers\mfeapfk.sys
74648 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeavfk
ImagePath: system32\drivers\mfeavfk.sys
C:\WINDOWS\system32\drivers\mfeavfk.sys
90360 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfebopk
ImagePath: system32\drivers\mfebopk.sys
C:\WINDOWS\system32\drivers\mfebopk.sys
42424 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfehidk
ImagePath: system32\drivers\mfehidk.sys
C:\WINDOWS\system32\drivers\mfehidk.sys
340592 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfetdik
ImagePath: system32\drivers\mfetdik.sys
C:\WINDOWS\system32\drivers\mfetdik.sys
62704 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfevtp
ImagePath: C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\mfevtps.exe
67904 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:17 PM
Company: Creative Technology Ltd.
---------Key:
MozillaMaintenance
ImagePath: "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
117144 bytes
Created: 6/2/2013 9:48 AM
Modified: 5/12/2013 3:56 AM
Company: Mozilla Foundation
---------Key:
NitroDriverReadSpool8
ImagePath: C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
196616 bytes
Created: 12/13/2012 11:47 AM
Modified: 12/13/2012 11:47 AM
Company: Nitro PDF Software
---------Key:
NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
70912 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
168040 bytes
Created: 6/2/2013 9:32 AM
Modified: 4/9/2010 2:30 AM
Company: NVIDIA Corporation
---------Key:
nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13824 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvUpdatusService
ImagePath: "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259296 bytes
Created: 7/5/2013 12:16 PM
Modified: 3/23/2013 1:22 AM
Company: NVIDIA Corporation
---------Key:
RegFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regf
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys - [fi
le not found to scan]
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{792CA496-B707-4342-B7CC-2
7C6B33C8245}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
UrlFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlF
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys - [fi
le not found to scan]
---------Key:
WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.
exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------************************************************************
7:43:40 AM: Scanning -----VXD ENTRIES----************************************************************
7:43:40 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----************************************************************
7:43:40 AM: Scanning ----- ContextMenuHandlers ----Key: NPShellExtension
CLSID: {9C4B85B8-956C-49BF-9BA5-101384E562B2}
Path: C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
95752 bytes
Created: 12/13/2012 11:47 AM
Modified: 12/13/2012 11:47 AM
Company: Nitro PDF
---------Key: VirusScan
CLSID: {cda2863e-2497-4c49-9b89-06840e070a87}
Path: C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
31568 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
----------
Key: WondershareVideoConverterFileOpreation
CLSID: {55D63393-DB17-4A2B-9052-15D85B4B1344}
Path: C:\WINDOWS\system32\WSCM32.dll
C:\WINDOWS\system32\WSCM32.dll
153088 bytes
Created: 7/2/2013 11:38 AM
Modified: 3/25/2013 10:57 AM
Company:
---------************************************************************
7:43:40 AM: Scanning ----- Folder\ColumnHandlers ----Key: {FED7043D-346A-414D-ACD7-550D052499A7}
File: C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
195144 bytes
Created: 7/8/2013 2:53 PM
Modified: 7/8/2013 2:53 PM
Company: Illustrate
---------************************************************************
7:43:41 AM: Scanning ----- Browser Helper Objects ----Key: {724d43a9-0d85-11d4-9908-00400523e39a}
BHO: C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
18594008 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems Inc.
---------************************************************************
7:43:41 AM: Scanning ----- ShellServiceObjectDelayLoad Entries ----************************************************************
7:43:41 AM: Scanning ----- ShellServiceObjects ----CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
236544 bytes
Created: 4/14/2008 5:30 PM
Modified: 3/8/2009 4:34 AM
Company: Microsoft Corporation
---------************************************************************
7:43:41 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
7:43:41 AM: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
7:43:41 AM: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
7:43:42 AM: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
7:43:42 AM: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 2:33 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
-------------------************************************************************
7:43:42 AM: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: SAI
[C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP]
The Startup Group for SAI attempts to load the following file(s):
C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 9:19 AM
Modified: 6/2/2013 9:15 AM
Company: [no info]
----------------------------Checking Startup Group for: UpdatusUser
[C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for UpdatusUser attempts to load the following file(s):
C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/5/2013 12:16 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------************************************************************
7:43:42 AM: Scanning ----- SCHEDULED TASKS ----Taskname:
At1
File:
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE
Parameters:
/Check
Schedule:
Every 1 hour(s) from 11:20 AM for 24 hour(s) every day, starting
8/14/2013
Next Run Time: 11/5/2013 8:20:00 AM
Status:
Has not run
Creator:
SYSTEM
Comments:
Created by NetScheduleJobAdd.
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE - [file not found to scan
]
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003Core
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/c
Schedule:
At 9:08 PM every day, starting 10/28/2013
Next Run Time: 11/5/2013 9:08:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003UA
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:08 PM for 24 hour(s) every day, starting 1
0/28/2013
Next Run Time: 11/5/2013 8:08:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 11/5/2013 8:01:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 8:01 PM for 24 hour(s) every day, starting 1
0/16/2013
Next Run Time: 11/5/2013 8:01:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------************************************************************
7:43:43 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----************************************************************
7:43:43 AM: Scanning ----- DEVICE DRIVER ENTRIES ----************************************************************
7:43:43 AM: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\Documents and Settings\SAI\Local Settings\Application Data
\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
637554 bytes
Created: 7/22/2013 10:17 AM
Modified: 9/8/2013 6:11 PM
Company: [no info]
---------Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\W
allpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
637554 bytes
Created: 7/22/2013 10:17 AM
Modified: 9/8/2013 6:11 PM
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------Checks for Backdoor.ZeroAccess completed
---------Safe Mode checks completed
---------Additional checks completed
************************************************************
7:43:44 AM: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Program Files\McAfee\Common Framework\FrameworkService.exe
103744 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
62800 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 10/26/2006 1:40 PM
Modified: 10/26/2006 1:40 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe
156448 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
226624 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
143088 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
26672 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remo
ver\bdw11.exe
FileSize:
5070072
[This is a Trojan Remover component]
--------------------------------------C:\WINDOWS\system32\wbem\wmiprvse.exe
218112 bytes
Created: 6/2/2013 9:11 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
7:43:48 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 7:43:48 AM 05 Nov 2013
Total Scan time: 00:00:18
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:40:24 AM 05 Nov 2013
Using Database v8200
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
7:40:25 AM: ----- Checking Default File Associations ----No modified default file associations detected
************************************************************
7:40:25 AM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
7:40:26 AM: Scanning ----- Windows Registry -----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
----------------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALO
NE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------Value Name: [Octoshape Streaming Services]
Value Data: ["C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape
Streaming Services\OctoshapeClient.exe" -inv:bootrun]
C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Ser
vices\OctoshapeClient.exe
70936 bytes
Created: 9/18/2013 9:45 PM
Modified: 1/8/2009 7:14 PM
Company: Octoshape ApS
-------------------Value Name: [Airy Memory Cleaner]
Value Data: [C:\Program Files\Airy Memory Cleaner\AiryMC.exe]
C:\Program Files\Airy Memory Cleaner\AiryMC.exe
239616 bytes
Created: 9/2/2013 3:06 PM
Modified: 9/2/2013 3:06 PM
Company: http://www.airysoftware.com
-------------------Value Name: [RoboForm]
Value Data: ["C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
109784 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
7:40:34 AM: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
7:40:34 AM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
7:40:34 AM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
7:40:34 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
7:40:34 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
7:40:35 AM: Scanning ----- SERVICES REGISTRY KEYS ----Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to
scan]
---------Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\File
Monitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [
file not found to scan]
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
---------Key:
McAfeeEngineService
ImagePath: "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe"
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
19456 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeapfk
ImagePath: system32\drivers\mfeapfk.sys
C:\WINDOWS\system32\drivers\mfeapfk.sys
74648 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeavfk
ImagePath: system32\drivers\mfeavfk.sys
C:\WINDOWS\system32\drivers\mfeavfk.sys
90360 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfebopk
ImagePath: system32\drivers\mfebopk.sys
C:\WINDOWS\system32\drivers\mfebopk.sys
42424 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfehidk
ImagePath: system32\drivers\mfehidk.sys
C:\WINDOWS\system32\drivers\mfehidk.sys
340592 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfetdik
ImagePath: system32\drivers\mfetdik.sys
C:\WINDOWS\system32\drivers\mfetdik.sys
62704 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfevtp
ImagePath: C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\mfevtps.exe
67904 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:17 PM
Company: Creative Technology Ltd.
---------Key:
MozillaMaintenance
ImagePath: "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
117144 bytes
Created: 6/2/2013 9:48 AM
Modified: 5/12/2013 3:56 AM
Company: Mozilla Foundation
---------Key:
NitroDriverReadSpool8
ImagePath: C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
196616 bytes
Created: 12/13/2012 11:47 AM
Modified: 12/13/2012 11:47 AM
Company: Nitro PDF Software
---------Key:
NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
70912 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
168040 bytes
Created: 6/2/2013 9:32 AM
Modified: 4/9/2010 2:30 AM
Company: NVIDIA Corporation
---------Key:
nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13824 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvUpdatusService
ImagePath: "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259296 bytes
Created: 7/5/2013 12:16 PM
Modified: 3/23/2013 1:22 AM
Company: NVIDIA Corporation
---------Key:
RegFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regf
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys - [fi
le not found to scan]
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{792CA496-B707-4342-B7CC-2
7C6B33C8245}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
UrlFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlF
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys - [fi
le not found to scan]
---------Key:
WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.
exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------************************************************************
7:40:43 AM: Scanning -----VXD ENTRIES----************************************************************
7:40:43 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----************************************************************
7:40:43 AM: Scanning ----- ContextMenuHandlers ----Key: NPShellExtension
CLSID: {9C4B85B8-956C-49BF-9BA5-101384E562B2}
Path: C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
95752 bytes
Created: 12/13/2012 11:47 AM
Modified: 12/13/2012 11:47 AM
Company: Nitro PDF
---------Key: VirusScan
CLSID: {cda2863e-2497-4c49-9b89-06840e070a87}
Path: C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
31568 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key: WondershareVideoConverterFileOpreation
CLSID: {55D63393-DB17-4A2B-9052-15D85B4B1344}
Path: C:\WINDOWS\system32\WSCM32.dll
C:\WINDOWS\system32\WSCM32.dll
153088 bytes
Created: 7/2/2013 11:38 AM
Modified: 3/25/2013 10:57 AM
Company:
---------************************************************************
7:40:44 AM: Scanning ----- Folder\ColumnHandlers ----Key: {FED7043D-346A-414D-ACD7-550D052499A7}
File: C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
195144 bytes
Created: 7/8/2013 2:53 PM
Modified: 7/8/2013 2:53 PM
Company: Illustrate
---------************************************************************
7:40:44 AM: Scanning ----- Browser Helper Objects ----Key: {724d43a9-0d85-11d4-9908-00400523e39a}
BHO: C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
18594008 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems Inc.
---------************************************************************
7:40:45 AM: Scanning ----- ShellServiceObjectDelayLoad Entries ----************************************************************
7:40:45 AM: Scanning ----- ShellServiceObjects ----CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
236544 bytes
Created: 4/14/2008 5:30 PM
Modified: 3/8/2009 4:34 AM
Company: Microsoft Corporation
---------************************************************************
7:40:45 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
7:40:45 AM: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
7:40:45 AM: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
7:40:45 AM: Scanning ----- SECURITY PROVIDER DLLS ----************************************************************
7:40:45 AM: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 2:33 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
-------------------************************************************************
7:40:46 AM: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: SAI
[C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP]
The Startup Group for SAI attempts to load the following file(s):
C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 9:19 AM
Modified: 6/2/2013 9:15 AM
Company: [no info]
----------------------------Checking Startup Group for: UpdatusUser
[C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for UpdatusUser attempts to load the following file(s):
C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/5/2013 12:16 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------************************************************************
7:40:46 AM: Scanning ----- SCHEDULED TASKS ----Taskname:
At1
File:
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE
Parameters:
/Check
Schedule:
Every 1 hour(s) from 11:20 AM for 24 hour(s) every day, starting
8/14/2013
Next Run Time: 11/5/2013 8:20:00 AM
Status:
Has not run
Creator:
SYSTEM
Comments:
Created by NetScheduleJobAdd.
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE - [file not found to scan
]
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003Core
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/c
Schedule:
At 9:08 PM every day, starting 10/28/2013
Next Run Time: 11/5/2013 9:08:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003UA
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:08 PM for 24 hour(s) every day, starting 1
0/28/2013
Next Run Time: 11/5/2013 8:08:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 11/5/2013 8:01:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 8:01 PM for 24 hour(s) every day, starting 1
0/16/2013
Next Run Time: 11/5/2013 8:01:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------************************************************************
7:40:47 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----************************************************************
7:40:47 AM: Scanning ----- DEVICE DRIVER ENTRIES ----************************************************************
7:40:47 AM: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\Documents and Settings\SAI\Local Settings\Application Data
\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
637554 bytes
Created: 7/22/2013 10:17 AM
Modified: 9/8/2013 6:11 PM
Company: [no info]
---------Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\W
allpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
637554 bytes
Created: 7/22/2013 10:17 AM
Modified: 9/8/2013 6:11 PM
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------Checks for Backdoor.ZeroAccess completed
---------Safe Mode checks completed
---------Additional checks completed
************************************************************
7:40:48 AM: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Program Files\McAfee\Common Framework\FrameworkService.exe
103744 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
62800 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 10/26/2006 1:40 PM
Modified: 10/26/2006 1:40 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe
156448 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
226624 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
143088 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
26672 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\wuauclt.exe
111104 bytes
Created: 6/2/2013 9:13 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remo
ver\mnuD.exe
FileSize:
5070072
[This is a Trojan Remover component]
--------------------------------------C:\WINDOWS\system32\wbem\wmiprvse.exe
218112 bytes
Created: 6/2/2013 9:11 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
7:40:53 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
************************************************************

=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===


Scan completed at: 7:40:53 AM 05 Nov 2013
Total Scan time: 00:00:28
************************************************************
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:38:19 AM 05 Nov 2013
Using Database v8200
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\123
(including subdirectories)
Archive files will be EXCLUDED.
----------------------------------------------------------0 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 7:38:20 AM 05 Nov 2013
Total Scan time: 00:00:00
************************************************************
-----------------------------Scan stopped by user after 570 files were checked
No Malware files detected
Scan stopped at: 11/5/2013 7:38:09 AM
Total Scan time: 00:00:28
************************************************************
======================================
[INCOMPLETE SCAN LOG RECOVERED]
======================================
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:37:39 AM 05 Nov 2013
Using Database v8200
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on J:\
(including subdirectories)
Archive files will be EXCLUDED.
-----------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[INCOMPLETE SCAN LOG RECOVERED]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***** THE SYSTEM HAS BEEN RESTARTED *****
11/5/2013 7:37:05 AM: Trojan Remover has been restarted
11/5/2013 7:37:05 AM: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.8.2623. For information, email support@simplysup.com
[Registered to: soonerter@nokiamail.com]
Scan started at: 7:35:28 AM 05 Nov 2013
Using Database v8200
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\SAI\Application Data\Simply Super
Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SAI\My Documents\Simply Super Soft
ware\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
7:35:29 AM: ----- Checking Default File Associations ----StartMenuInternet\IEXPLORE.EXE entry: [C:\Program Files\Internet Explorer\iexplo
re.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024]
This entry loads the following file:
C:\Program Files\Internet Explorer\iexplore.exe
638816 bytes
Created: 6/2/2013 9:12 AM
Modified: 3/8/2009 2:09 PM
Company: Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe - file renamed to: C:\Program Fi
les\Internet Explorer\iexplore.exe.vir
"HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command" entry
has been reset
************************************************************
7:35:42 AM: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
7:35:43 AM: Scanning ----- Windows Registry -----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
----------------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RTHDCPL]
Value Data: [RTHDCPL.EXE]
C:\WINDOWS\RTHDCPL.EXE
20117136 bytes
Created: 6/2/2013 9:30 AM
Modified: 8/6/2012 10:37 PM
Company: Realtek Semiconductor Corp.
-------------------Value Name: [ShStatEXE]
Value Data: ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALO
NE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
124240 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------Value Name: [NvCplDaemon]
Value Data: [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
C:\WINDOWS\system32\NvCpl.dll
15517984 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1655568 bytes
Created: 11/5/2013 7:32 AM
Modified: 7/19/2013 5:42 PM
Company: Simply Super Software
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [InstantFileFind]
Value Data: [C:\Program Files\Instant File Find\InstantFileFind.exe /hide]
C:\Program Files\Instant File Find\InstantFileFind.exe
352256 bytes
Created: 6/5/2013 12:13 AM
Modified: 8/22/2011 8:17 PM
Company: SearchOnPc.com
-------------------Value Name: [Octoshape Streaming Services]
Value Data: ["C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape
Streaming Services\OctoshapeClient.exe" -inv:bootrun]
C:\Documents and Settings\SAI\Application Data\Octoshape\Octoshape Streaming Ser
vices\OctoshapeClient.exe
70936 bytes
Created: 9/18/2013 9:45 PM
Modified: 1/8/2009 7:14 PM
Company: Octoshape ApS
-------------------Value Name: [Airy Memory Cleaner]
Value Data: [C:\Program Files\Airy Memory Cleaner\AiryMC.exe]
C:\Program Files\Airy Memory Cleaner\AiryMC.exe
239616 bytes
Created: 9/2/2013 3:06 PM
Modified: 9/2/2013 3:06 PM
Company: http://www.airysoftware.com
-------------------Value Name: [RoboForm]
Value Data: ["C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
109784 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
7:35:46 AM: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
7:35:46 AM: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
7:35:46 AM: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------************************************************************
7:35:46 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
7:35:47 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
7:35:47 AM: Scanning ----- SERVICES REGISTRY KEYS ----------------Key:
AdvancedSystemCareService6
ImagePath: C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - [file not found to
scan]
---------Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:16 PM
Company: Creative
---------Key:
aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
35160 bytes
Created: 3/18/2010 4:47 PM
Modified: 3/18/2010 4:47 PM
Company: Microsoft Corporation
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
clr_optimization_v4.0.30319_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------Key:
FileMonitor
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\File
Monitor.sys
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys - [
file not found to scan]
---------Key:
gupdatem
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
---------Key:
McAfeeEngineService
ImagePath: "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe"
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
19456 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeapfk
ImagePath: system32\drivers\mfeapfk.sys
C:\WINDOWS\system32\drivers\mfeapfk.sys
74648 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfeavfk
ImagePath: system32\drivers\mfeavfk.sys
C:\WINDOWS\system32\drivers\mfeavfk.sys
90360 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfebopk
ImagePath: system32\drivers\mfebopk.sys
C:\WINDOWS\system32\drivers\mfebopk.sys
42424 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfehidk
ImagePath: system32\drivers\mfehidk.sys
C:\WINDOWS\system32\drivers\mfehidk.sys
340592 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfetdik
ImagePath: system32\drivers\mfetdik.sys
C:\WINDOWS\system32\drivers\mfetdik.sys
62704 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
mfevtp
ImagePath: C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\mfevtps.exe
67904 bytes
Created: 6/2/2013 12:26 PM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 6/2/2013 9:30 AM
Modified: 11/18/2009 1:17 PM
Company: Creative Technology Ltd.
---------Key:
MozillaMaintenance
ImagePath: "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
117144 bytes
Created: 6/2/2013 9:48 AM
Modified: 5/12/2013 3:56 AM
Company: Mozilla Foundation
---------Key:
NitroDriverReadSpool8
ImagePath: C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
196616 bytes
Created: 12/13/2012 11:47 AM
Modified: 12/13/2012 11:47 AM
Company: Nitro PDF Software
---------Key:
NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
70912 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
168040 bytes
Created: 6/2/2013 9:32 AM
Modified: 4/9/2010 2:30 AM
Company: NVIDIA Corporation
---------Key:
nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13824 bytes
Created: 6/2/2013 9:27 AM
Modified: 3/4/2010 6:02 PM
Company: NVIDIA Corporation
---------Key:
nvUpdatusService
ImagePath: "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1259296 bytes
Created: 7/5/2013 12:16 PM
Modified: 3/23/2013 1:22 AM
Company: NVIDIA Corporation
---------Key:
RegFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regf
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys - [fi
le not found to scan]
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{792CA496-B707-4342-B7CC-2
7C6B33C8245}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
---------Key:
UrlFilter
ImagePath: \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlF
ilter.sys
C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys - [fi
le not found to scan]
---------Key:
WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.
exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
753504 bytes
Created: 3/18/2010 1:16 PM
Modified: 3/18/2010 1:16 PM
Company: Microsoft Corporation
---------************************************************************
7:35:54 AM: Scanning -----VXD ENTRIES----************************************************************
7:35:54 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----************************************************************
7:35:54 AM: Scanning ----- ContextMenuHandlers ----Key: NPShellExtension
CLSID: {9C4B85B8-956C-49BF-9BA5-101384E562B2}
Path: C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
C:\PROGRA~1\Nitro\PRO8~1\NPSHEL~1.DLL
95752 bytes
Created: 12/13/2012 11:47 AM
Modified: 12/13/2012 11:47 AM
Company: Nitro PDF
---------Key: VirusScan
CLSID: {cda2863e-2497-4c49-9b89-06840e070a87}
Path: C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
31568 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
----------
Key: WondershareVideoConverterFileOpreation
CLSID: {55D63393-DB17-4A2B-9052-15D85B4B1344}
Path: C:\WINDOWS\system32\WSCM32.dll
C:\WINDOWS\system32\WSCM32.dll
153088 bytes
Created: 7/2/2013 11:38 AM
Modified: 3/25/2013 10:57 AM
Company:
---------************************************************************
7:35:54 AM: Scanning ----- Folder\ColumnHandlers ----Key: {FED7043D-346A-414D-ACD7-550D052499A7}
File: C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
195144 bytes
Created: 7/8/2013 2:53 PM
Modified: 7/8/2013 2:53 PM
Company: Illustrate
---------************************************************************
7:35:54 AM: Scanning ----- Browser Helper Objects ----Key: {724d43a9-0d85-11d4-9908-00400523e39a}
BHO: C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
18594008 bytes
Created: 10/21/2013 6:59 PM
Modified: 10/21/2013 6:58 PM
Company: Siber Systems Inc.
---------************************************************************
7:35:55 AM: Scanning ----- ShellServiceObjectDelayLoad Entries ----************************************************************
7:35:55 AM: Scanning ----- ShellServiceObjects ----CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
236544 bytes
Created: 4/14/2008 5:30 PM
Modified: 3/8/2009 4:34 AM
Company: Microsoft Corporation
---------************************************************************
7:35:55 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
7:35:55 AM: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
7:35:55 AM: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
7:35:55 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
7:35:55 AM: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 2:33 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
-------------------************************************************************
7:35:55 AM: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: SAI
[C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP]
The Startup Group for SAI attempts to load the following file(s):
C:\Documents and Settings\SAI\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/2/2013 9:19 AM
Modified: 6/2/2013 9:15 AM
Company: [no info]
----------------------------Checking Startup Group for: UpdatusUser
[C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP]
The Startup Group for UpdatusUser attempts to load the following file(s):
C:\Documents and Settings\UpdatusUser\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/5/2013 12:16 PM
Modified: 6/2/2013 9:15 AM
Company: [no info]
---------************************************************************
7:35:56 AM: Scanning ----- SCHEDULED TASKS ----Taskname:
At1
File:
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE
Parameters:
/Check
Schedule:
Every 1 hour(s) from 11:20 AM for 24 hour(s) every day, starting
8/14/2013
Next Run Time: 11/5/2013 8:20:00 AM
Status:
Has not run
Creator:
SYSTEM
Comments:
Created by NetScheduleJobAdd.
C:\DOCUME~1\SAI\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE - [file not found to scan
]
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003Core
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/c
Schedule:
At 9:08 PM every day, starting 10/28/2013
Next Run Time: 11/5/2013 9:08:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
CatalinaGroupUpdateTaskUserS-1-5-21-1390067357-813497703-18016745
31-1003UA
File:
C:\Documents and Settings\SAI\Local Settings\Application Data\Cat
alinaGroup\Update\CatalinaUpdate.exe
C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\CatalinaUpdate.exe
147440 bytes
Created: 9/15/2013 7:48 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 9:08 PM for 24 hour(s) every day, starting 1
0/28/2013
Next Run Time: 11/5/2013 8:08:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Catalina software up to date. If this task is disabled
or stopped, your Catalina software will not be kept up to date, meaning securit
y vulnerabilities that may arise cannot be fixed and features may not work. This
task uninstalls itself when there is no Catalina software using it.
---------Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 11/5/2013 8:01:00 PM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 9/15/2013 7:45 PM
Modified: 9/15/2013 7:45 PM
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 8:01 PM for 24 hour(s) every day, starting 1
0/16/2013
Next Run Time: 11/5/2013 8:01:00 AM
Status:
Ready
Creator:
SAI
Comments:
Keeps your Google software up to date. If this task is disabled o
r stopped, your Google software will not be kept up to date, meaning security vu
lnerabilities that may arise cannot be fixed and features may not work. This tas
k uninstalls itself when there is no Google software using it.
---------************************************************************
7:35:56 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----************************************************************
7:35:56 AM: Scanning ----- DEVICE DRIVER ENTRIES ----************************************************************
7:35:57 AM: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\Documents and Settings\SAI\Local Settings\Application Data
\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
637554 bytes
Created: 7/22/2013 10:17 AM
Modified: 9/8/2013 6:11 PM
Company: [no info]
---------Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\W
allpaper1.bmp
C:\Documents and Settings\SAI\Local Settings\Application Data\Microsoft\Wallpape
r1.bmp
637554 bytes
Created: 7/22/2013 10:17 AM
Modified: 9/8/2013 6:11 PM
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------Checks for Backdoor.ZeroAccess completed
---------Safe Mode checks completed
---------Additional checks completed
************************************************************
7:35:57 AM: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Program Files\McAfee\Common Framework\FrameworkService.exe
103744 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
62800 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 10/26/2006 1:40 PM
Modified: 10/26/2006 1:40 PM
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe
156448 bytes
Created: 3/16/2010 3:37 AM
Modified: 3/22/2013 3:56 AM
Company: NVIDIA Corporation
-------------------C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
226624 bytes
Created: 3/14/2008 4:00 AM
Modified: 3/14/2008 4:00 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
143088 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
26672 bytes
Created: 9/29/2008 8:07 AM
Modified: 9/29/2008 8:07 AM
Company: McAfee, Inc.
-------------------C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 4/14/2008 5:30 PM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Documents and Settings\SAI\Application Data\uTorrent\uTorrent.exe
884056 bytes
Created: 6/2/2013 10:09 AM
Modified: 6/13/2013 6:52 AM
Company: BitTorrent Inc.
-------------------C:\Documents and Settings\SAI\Local Settings\Application Data\CatalinaGroup\Upda
te\1.3.25.204\CatalinaCrashHandler.exe
147440 bytes
Created: 10/28/2013 9:03 PM
Modified: 10/28/2013 9:02 PM
Company: Catalina Group Ltd.
-------------------C:\Program Files\Windows Media Player\wmplayer.exe
73728 bytes
Created: 6/2/2013 9:13 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
-------------------C:\Program Files\Mozilla Firefox\firefox.exe
920472 bytes
Created: 6/2/2013 9:48 AM
Modified: 5/12/2013 3:56 AM
Company: Mozilla Corporation
-------------------C:\Documents and Settings\SAI\Application Data\Simply Super Software\Trojan Remo
ver\bes2CC.exe
FileSize:
5070072
[This is a Trojan Remover component]
--------------------------------------C:\WINDOWS\system32\wbem\wmiprvse.exe
218112 bytes
Created: 6/2/2013 9:11 AM
Modified: 4/14/2008 5:30 PM
Company: Microsoft Corporation
--------------------

************************************************************
7:36:01 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS
_Z2A4Q46FXXXXZ2A4Q46F&ts=1376373024
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500413AS_Z2A4Q4
6FXXXXZ2A4Q46F&ts=1376373024
************************************************************
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 7:36:01 AM 05 Nov 2013
Total Scan time: 00:00:33
------------------------------------------------------------------------Trojan Remover needs to restart the system to complete operations
11/5/2013 7:36:05 AM: restart commenced
************************************************************
